Documentation forSecurity Event Manager

SEM 2021.2 Release Notes

Release date: May 21, 2021

This document summarizes new features, improvements, and fixed issues in Security Event Manager (SEM) 2021.2, additional features, and upgrade notes and workarounds for known issues.

For further information, see the SEM 2021.1 Administrator Guide.

For system requirements, see SEM 2021.2 System Requirements.

If you are looking for previous release notes for SEM, see Previous Version documentation.

New in SEM 2021.2

SEM 2021.2 is the first release of Security Event Manager since Adobe discontinued Flash, and is entirely HTML5-based. For further information on the discontinuation of Flash, see the Adobe Flash End-of-Life page (© 2021 Adobe, available at adobe.com, retrieved April 12, 2021).

Sign on and authentication

SEM 2021.2 simplifies and improves Single Sign On (SSO) configuration and Local User authentication. To access these settings, click the icon in the right of the menu, and select Authentication. For further information, see SEM Authentication settings.

Navigation

The SEM navigation bar has been updated, separating Live Events and Historical Events, and grouping the configuration pages together as shown below:

Connector update details

The Connector Update pane on the Update tab now shows the current version and last update. These are updated each time the connectors are successfully updated by the Update Now button or by automatic daily update. If updated using the Update Now button you will need to refresh the page to show the new information.

If a current version is displayed but the Last update shows "never" this means connectors were updated before the upgrade to SEM 2021.2. (The version can be determined but not the time.)

Microsoft 365 audit log connector

A connector for Microsoft 365 is now available. This can be configured on both SEM Manager and Agent. For configuration, Tenant ID, Client ID and Client Secret are required. These values must be resolved by customer in Azure AD and provided to SEM.

See Get started with Office 365 Management APIs for information on obtaining these values.

The connector is not dependent on operating system and can be installed on any Agent with version 2021.2 and higher.

New dashboard widgets

SEM 2021.2 provides two new dashboard widgets:

Log Storage - this widget shows the oldest event, used storage by percentage, and free storage in GiB. If used storage reaches or exceeds 80% of available capacity the background will be displayed as yellow (warning). If 90%, it will be displayed as red (critical).

Server Status - this widget shows EPS in the last hour, used memory by percentage, and free memory in GiB. If used memory reaches or exceeds 80% of available capacity the background will be displayed as yellow (warning). If 90%, it will be displayed as red (critical).

These are displayed by default on new installations.

Java Upgrade

Java runtime has been upgraded to OpenJDK 16.0.0 for SEM, Linux Agent, Windows Agent and Mac Agent.

TLS 1.0 and 1.1 is disabled in Java 16.0.0 by default.

Enhanced security features

  • HTTPS enabled by default

    HTTPS is now enabled by default for fresh deployments.

    Configuration of existing instances is not changed. If HTTP has been disabled it can be enabled by running the CMC manager > togglehttp command.

  • E-mails sent via TLS

    Previously, when an SMTP connector was configured with the TLS option (that is, sending e-mail messages via STARTTLS opportunistic encryption) the option STARTTLS was not enforced. This meant that the communication was prone to security degradation to plain text data transfer. SEM 2021.2 changes the behavior to enforce the STARTTLS SMTP option, which does not allow server to communicate in plain text. This means a misconfigured connector will stop sending e-mails.

Reports

In SEM 2021.2, TLS is enabled by default for connection to Reports:

  • If a new SEM installation is deployed with version 2021.2 then the TLS for reports is enabled by default.
  • If a previous version of SEM is upgraded to 2021.2 then the TLS for reports setting remains as it was.

New customer installation

For information about installing SEM, see the SEM Installation Guide and the SEM Getting Started Guide. For system requirements see the SEM 2021.2 System Requirements.

Before you upgrade

Migrate LDAP connectors (introduced in SEM 2020.4)

It is recommended that users remove any ambiguity in their Directory Service Tool connector configurations to allow migration to run as smoothly as possible. This can be by ensuring only one Directory Service Tool connector configuration is set up per domain.

All Directory Service Tool connectors are removed in process of the migration.

Upgrade agents

For AIX, HPUX and Solaris, agents installers now only contain custom Java; this means customers need to install Java themselves as a prerequisite.

  1. Upgrade Java installation to the latest version. See System Requirements for supported versions.
  2. Upgrade SEM agents using latest custom Java installer.

How to upgrade

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade.

SEM  must be upgraded to 2020.2 or 2020.2.1 before upgrading to 2021.2. See the SEM Upgrade Path to help you plan and execute your upgrade.

Download the upgrade package from the SolarWinds Customer Portal.

CMC

Since SEM 2020.4, a password is required to access the CMC command-line interface. The default CMC password is password. See Change the SEM CMC password for instructions on changing this.

File system consistency check (fsck)

During your upgrade, the system may run a fsck check during reboot. This can last 30 or more minutes depending on the quantity of data in the data partition. With the Debian version upgrade, the file system is configured to initiate the check when certain conditions are met:

  • 21 mounts since the last check (during the 22nd reboot)

Or:

  • Six months since the last check

Supported connectors

The list of supported connectors can be found here.

Fixed issues

SEM 2021.2 fixes the following issues:

Case Number Description
00781557 issue with secure connection to threat intelligence repository resolved.
00627798 Issue with certificate resolved.
00554923, 00574629 Remote installer now working correctly to install remote agents.
00523210 Connector already exists" error resolved.
00462557 Fixed problem where remote installer was unable to mount any drive letters.
22616173 Connection issue with Report Application resolved
n/a Solaris compatibility issues resolved.

Known issues

AIX agent not connected after SEM upgrade

Issue: Because TLS 1.0 and 1.1 are disabled by default in the Java 16.0.0 runtime, AIX agents will not be able to connect to the SEM Manager after upgrade.

Workaround: To fix this issue, the agent must be re-installed manually on each machine.

To re-install the SEM agent, run the Custom Java installer and follow the onscreen instructions.

The configuration of the agent will remain in place if the agent is not uninstalled first.

Note: This may cause some data loss as, during the period between SEM manager being upgraded and all AIX agents being re-installed, no events are transmitted from agents to manager and local queues may not be big enough. (This depends on EPS and size of the alerts.)

E-mail Active responses stopped working

Issue: STARTTLS SMTP option is now enforced. If it was working before upgrade it means that SMTP server does not support this option.
Workaround: Re-configure the SMTP connector to SSL or plaintext option.

Connector update information not correct

Issue: Connectors were updated via CMC but the connector update time has not changed in UI.
Workaround: This is expected behavior. The version of the connector package cannot be determined when it is updated via CMC.

End of life, end of support, and deprecation notices

End of life

Version

EOL

Announcements

EOE Effective

dates

EOL Effective dates
6.7 May 18, 2021: End-of-Life (EoL) announcement – Customers on SEM versions 6.7, 6.7.1, and 6.7.2 should begin transitioning to the latest version of SEM. August 18, 2021: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 6.7, 6.7.1, and 6.7.2 will no longer be actively supported by SolarWinds. August 18, 2022: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 6.7, 6.7.1, and 6.7.2.
6.6 June 6, 2020: End-of-Life (EoL) announcement – Customers on SEM version 6.6 should begin transitioning to the latest version of SEM. September 6, 2020: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 6.6 will no longer be actively supported by SolarWinds. September 6, 2021: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 6.6.

End of support

Type Details
MSSQL Auditor

With SEM 2021.2, the MSSQL Auditor is no longer supported.

The MSSQL Auditor connector will remain available.

Standalone Adobe Air Console

See the Adobe Flash End-of-Life page (© 2021 Adobe, available at adobe.com, retrieved April 12, 2021).

Legal notices

© 2021 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.